Privacy, Ethics with email, etc.

[Wyckyd1]

Ok,
This goes out for all you who have certain "powers". You know who you are. You are that Admin that can read everyone's email or even that tech that has access to Internet History.

So how many of you have "taken a peek"? And when you do so (notice I didn't say if <img border="0" title="" alt="[Wink]" src="wink.gif" /> ) what do you do with it? Laugh your *** off, share it with workers, friends, the wife.

Hell we could even go accidentally really. I have found the damndest things accidentally.

Here is just one: I remember one time a "big guy" for a company called me because he inadvertently made a sex site his Home Page (yes he was very computer illiterate). He was really nervous (guess he should be since his fiance is in a higher corporate position than him). I just assured him "I was on the same team" . Never told anyone but got a chuckle out of it.

All in all my take is Sometimes I have no choice but to see email and such. I keep it to myself, if it is just too funny then I sometimes have to share with my girl when I get home at night or my brother who is a tech so we trade stories like that. I try to respect everyone's privacy as I go by the Adage Do unto others.....
but the power...........

[Matridom]

Here is how i see it. If your on company time, using company resources, then the company has a RIGHT to know what you doing. Basicaly, they are PAYING you for your time/work, they have the right to check into it to make sure you are giving them what you promised.

Now having said that, employees should be giving SOME discretion.. At my current workplace, the internet activity is logged (via the forced proxi server) and weekly polls are run on the logs files looking for "inappropriate" material, and/or extreme amounts of time at specifique sites.

Here are a few examples..

At a previous workplace, our marketing manager would come in on saturday to do work. he complained the most about working saturday, always came in late, always left early.. Log files showed that he was surfing illegal p0rn. He got fired and material turned over to the police.

Same workplace, log files showed an employee spending 1/4 of his/her time on e-bay. Got a warning and another visit to that site would get him/her fired.

Now, if a persons record showed, say 1-2% p0rn, then no biggy, we all can't stop pop ups and clicking on the wrong link. All of that is taking into account.

A balance between monitoring and employee privacy needs to be reached, it's a VERY fine line to walk

[EvilCabbage]

These are the sorts of things that are under review in the company I work for right now. We have just merged, so existing policies need to be resorted. As far as pr0n goes, depending on what it is, and how it has been distributed (ie: someone gets a dodgy email) I turn a blind eye. If someone is being ludicrous with company gear, they learn to fear the hand of God. God in this case, being me.

I've come across some interesting stuff, and some very personal stuff. If I come across personal things, it doesnt go further than me, ever.

If there is a situation caused by some material, I will deal with it as quietly as possible. Fortunately, nothing has turned up at this company that could be illegal, or harmful to anyone. I'll cross that bridge when I come to it.

[Sunshine]

Our company has very strict guidelines as far as employee privacy goes. There are times, however, that we must enter the user's network folders, PC, and e-mail. None can be viewed without the user's express permission, and if they refuse, they know they're making themselves look bad. so they never really refuse. In a nutshell, all our employee's personal items are considered personal unless we have just cause to think differently.
Prime example:
User leaves her e-mail open on server - my boss sees it and goes to close it - subject line and "from" on first e-mail catch her eye - now the employee (sender as well) are going to have a chat with her about proper usage of company resources - namely: cell phone charges.
One slip up by an employee can start the ball rolling, so if they're not abusing company resources they shouldn't be worrying about "intrusion" or not.
This case starting with e-mail and is now (as I type this) being investigated on a different level.
No employee is immune to probes by IS, it just depends on what starts the distrust.

[Cleetus]

I let people know point blank, that there is nothing out there that I can't get to. Most of the time I don't snoop either. If someone is suspicious, then I snoop, if someone tells me 2.5 million times(couple of weeks ago) not to look in one folder while I transfer all their files to a new pc, then I am going to look. If I find one or two illegal(agianst company policy things) things I forget it, I find a bunch and I call HR and show them. Did that all the time at my last job, but thankfully have not had to here. It is part of the job to look occasionally, but you have to have discipline not to abuse it.

[Imagenatas]

I keep it logged but I don't bother to look. My company doesn't want IT to govern, so we don't. This is more of a Management/HR issue.

[kingtbone]

I hope to god my employers don't care, because I'd be out on my *** after about 30 seconds. I can't survive without wasting my time...

[EvilCabbage]

Case in point :

This morning, 1.2gig dissapeared from *my* servers. Think the users are going to complain? Of course they wont, they know they were doing the wrong thing.

It boils down to a HR issue, and acceptable usage.

[MacGyver]

I absolutely agree with the fact that most of this is an HR problem, not an IT problem.

At our office, I have encouraged people to use HotMail, Yahoo Mail, etc for personal email and not to use their work email account for personal stuff. I had to do work on one guy's PC and it was still logged in. I inadvertently opened an incoming email (we use email software that pops up a notification window on new mail) that was of a rather sensitive nature. <img border="0" title="" alt="[Eek!]" src="eek.gif" />

When head office decided to block all the free email sites, I came to the rescue, saying that asking employees to deflect personal email elsewhere was easier on our email servers. Because of that argument, the blocked sites were lifted.

[Stalemate]

In my previous job, we had to "clean house" on the Novell server's disks reserved for user files and folders.

It became a necessity when disk space stqarted dissappearing at an alarming rate.

IMHO, my time is way too valuable to spend it checking out John's surfing habits or Jane's e-mail.

That's HR's job.

[silencio]

Corporate/work email is for work. That doesn't preclude users from sending friendly email to clients. Clients are people and limitting friendly contact to them would hurt sales.

Users need to know that there email is not private and never will be. But, admin need to understand that they are also subject to the same provisions. Being an admin doesn't give you the right to look at/joke about peoples email for the hell of it.

There are outside organizations for hire who come in and spy on the admins for a given period of time. These guys come in, set up session wall (or something like it) and track/log everything that the admin does without them ever knowing anything about it.

The notion of privacy is flawed. No-where is there privacy on the network. Someone can always be watching. Your POP password runs accross the wire in clear text. Your email flows across the network in clear text (unless you utilize encryption but how many people do?).

I always look at users from the perspective that I am also a user. I administer policy with the same perspective. It's fair.